The cloud. That ambiguous term that so many companies use to describe a place where things get stored, a place where services are based, a place where the magic happens. It’s hard to find many people who understand exactly how the cloud works, but it’s even harder to find someone who’s not using it in some way.
In the cloud, it’s very important to make sure that you’re keeping your stuff protected, but how do you protect something that’s not tangible? Should you trust your cloud provider in the hopes that your information will stay private? I’d ask Jennifer Lawrence, Scarlett Johansson or Sony Pictures what they think.
We recently came across an old InfoWorld article (posted in 2013, but still VERY relevant!) that talks about the five biggest cloud risks. It’s worth reading again – The 5 Cloud Risks You Have to Stop Ignoring – but if you’re short on time, we’ve summarized them for you below.
- Shared access. Multiple customers sharing the same resources, like storage and memory, is called multitenancy – think a cloud storage like Dropbox whose users all share the same Amazon servers and CPU. Those companies pretty much put fences in between each customer’s storage space/memory. So if there is one little problem (a tiny hole in the fence), it’s then easy for attackers to gain access to other people’s accounts. Usually companies are good about protecting their stuff, but it’s important to be cognizant of what’s going on, since this can easily become a bigger issue.
- Virtual exploits. Virtualization (creating a virtual version of something) is very popular with cloud providers. It’s how they help users feel like they are creating folders and accessing files that are right on their computer, when in actuality they’re doing it on a server thousands of miles away. Virtualization adds another layer of risk on top of that which comes with physical machines, since it’s putting additional access points to those servers.
- Authentication, authorization and access control. Authentication is the process of determining that users are who they really are. Authorization is when certain access rights to different resources are granted to users, and access control is the restriction of access to specific resources. All three of these security features work together to help protect your data and cloud. Thus it follows that if one of these is weak and not working as it should, then you’re going to have problems.
- Cloud storages go down at some point or another, and that’s just a fact of life. And while it is ridiculously inconvenient if you can’t access files that you need at the exact moment you need them, it hurts even more when you lose those files altogether (cue curling up in a ball and freaking out). The quick fix here is that you should back-up all files in your cloud storage on an actual hard drive, on a regular basis – annoying, but your future self will thank you.
- Quiz time – do you own the data that you are storing in the cloud? If you answered yes, then you’re going to be in for a world of shock, because…cloud vendors own it, too. Why? Well, they general want ownership of that data because it gives them more legal protection, but also because they can then mine the data to glean more user insight (which can help them figure out more revenue opportunities). Try to read the fine print of you can, but you’ll be hard-pressed to find a cloud vendor who doesn’t do this.
Want to read more? Here is the link to the full InfoWorld’s article. It’s not too late to know where your cloud vendor stands and to get a full understanding of how to mitigate the risks.